AW: 1024 bit encryption compromised?

Huels, Ralf SCORE
Thu Mar 28 08:49:02 2002


>     Based on Bernstein's proposed architecture, a panel of experts
>     estimated that a 1,024-bit RSA factoring device can be built using
>     only commercially available technology for a price range of several
>     hundred million to $1bn.

Hm. Up to now I had only read opinions that stated that Bernstein's 
result was still rather theoretical.
> I guess this is the same thing that was discussed last week on this
> list. I'm not into this level of cryptoanalytics,

Neither am I.

> but what do you folks
> say about this? I guess there is no need to get upset of this, if Big
> Brother wants my bytes, I suppose he has other ugly ways to compromise
> the key -- bugging my flat or setting up some kind of scanners to

I guess it all depends on who you want to hide your stuff from. If you need
to keep stuff from Governments or billion Dollar corporations, you better be

paranoid. If you just want to keep stuff from your small provider's admin
I'd guess that 1024 bit RSA still goes a long way.

Personally I use GnuPG for "political" reasons rather than for a true need
for cryptography. I assume that by using and promoting GnuPG, building a
web of trust and so forth (besides the fact that it's fun ;-), I might 
weaken the position of crypto opponents, who might argue that only
criminals use crypto anyway.

> The question is floating around among us -- would it be wise to upgrade
> to 2048 bits, or is this just speculations? Now that they're talking
> about this, I guess one should be a step ahead of the snoopers --
> especially when it comes to the future robustness of the signatures.

If I were to create a new key now, I would make it 2048 bits. Since I
have two fairly well signed 1024 bit keys (Ranking 1722 and 2003 in the statistic ;-), I'll stick with those as long as there are no
further advances in cryptanalysis.